Prompt the user for a password reset (Ionic and Meteor)


#1

I am using iron:router and sending an enrollment link to a user. So I made a route for the enrollment link.

Router.map(function() {
  this.map('enrollUser', {
    path: '/enroll-account/:token',
    controller: 'AccountController',
    action: 'resetPassword'
  })
})

I have a meteor method to send an enrollment link to a user. Then when they go to this route, I want them to set their password.

// AccountController
resetPassword: function() {
  Accounts.resetPassword(this.params.token, function() {
    IonPopup.show({
      title: 'Create a new password',
      template: 'Please enter your new password',
      okText: 'Submit',
      inputType: 'password',
      inputPlaceholder: 'Your Password',
      onOk: function() {
        return this.password;
      }
    });
  }, function(err) {
    Router.go('userList');
  });
}

of course, this doesn’t quite work, but I can’t find a secure way to prompt them to change their password in a popup. Any ideas or input?


#2

Have you tried social login instead?
I mean, you can try to make the user login with Facebook (for example), and there won’t be need for password reset :stuck_out_tongue:
just a suggestion, of course


#3

Alas, this app works completely by invitation and passwords package. I think I found out how to solve the problem btw

// both/accounts/routes.js
this.route('enrollAccount', {
    onBeforeAction: function() {
      Meteor.logout();
      Session.set('_resetPasswordToken', this.params.token);
      this.subscribe('enrolledUser', this.params.token).wait();
      this.next();
    },
    path: '/enroll-account/:token',
    template: 'enrollAccount',
    data: function() {
      if(this.ready()) {
        return {
          enrolledUser: Meteor.users.find()
        };
      }
    }
  });

Then in the template events:

Template.enrollAccount.events({
  'submit #reset-password-form': function(e, template) {
    e.preventDefault();
    if(AutoForm.validateForm('reset-password-form')) {
      var password = $(e.target).find('[name=password]').val();
      var token = Session.get('_resetPasswordToken');
      Accounts.resetPassword(token, password, function(err, result) {
        if(!err) {
          Router.go('home');
        } else {
          console.log(err);
        }
      })
    }
  }
});

#4

I haaaaate services that force facebook or twitter logins.

A lot of people (myself clearly included) are not fans of social logins and prefer to have individual accounts setup… please don’t do that :smile:


Should 3rd party Oauth be used for authentication?
#5

I agree, cstrat, unless they’re actually making use of some other service they provide, like public_repos in github or something


#6

This is correct, although i had to pass ‘params’ in as an argument into the onBeforeAction function and then removed the “this.”